About 2070Health
W Health has set up India's first healthcare focused Venture Studio called 2070Health - an innovation platform that builds transformative healthcare companies from scratch by discovering disruptive opportunities in whitespaces. Distinct from the accelerator approach, our venture studio is closely involved in idea generation, day-to-day operations, and strategic decisions of growing the new business. Companies incubated in the last 24 months include Elevate Now, Nivaan Care, Reveal Healthtech , BabyMD and Everhope Oncology.
Role Overview
The IT Manager will be responsible for
managing and securing the entire IT infrastructure
of the organization, ensuring compliance with the
Cybersecurity & Cyber Resilience Framework (CSCRF)
, and supporting employees across multiple office locations. This role covers
IT operations, cybersecurity designing, implementation, asset management, networking, hardware/software lifecycle, vendor management, patching, backup, endpoint security, and user support
.The IT Manager will work on designing and implementation of all cybersecurity controls.
Key Responsibilities
- IT Infrastructure & Operations
- End-User & Hardware Management
- Manage and support laptops, desktops, printers, peripherals for :40 staff across multiple cities
- Enforce device hardening and security baselines (as per OS, endpoint, and network hardening policies)
- Ensure secure device provisioning, configuration, updates, and decommissioning
- Network & Connectivity Management
- Manage office networking setups across cities (LAN, WiFi, firewalls, switches, routers)
- Ensure WPA3, VLAN segmentation, RBAC, and secure co-working network controls
- Maintain VPN access, MFA enforcement, bandwidth policies, and network monitoring
- SaaS & Application Support
- Administer critical SaaS tools (email, collaboration tools, cloud storage, CRM, monitoring tools)
- Manage access provisioning, de-provisioning, privilege controls, and license renewals
- Cybersecurity & CSCRF Compliance
- Designing & Implementation of Cybersecurity Controls
- Enforce all policies:
- Risk management
- Asset management
- Authentication & authorization
- Data protection & encryption
- Network security
- Patch management
- Incident response
- VAPT & vulnerability management
- Third-party vendor security
- Backup & disaster recovery
- Identity & Access Management (IAM)
- Apply least privilege and time-bound access principles
- Manage MFA for all critical systems and remote access points
- Review access logs and dormant accounts
- Incident Detection & Response
- Monitor endpoint alerts, email security, network anomalies
- Log, escalate, and document security incidents as per incident management SOP
- Support forensic investigations, RCA, and SEBI reporting requirements
- Patch Management & Updates
- Monitor OEM advisories, deploy updates as per severity timelines:
- Critical: 7 days
- High: 15 days
- Medium/Low: 30 days
- Maintain patch logs, testing records, and change control approvals
- Vulnerability Management
- Coordinate VAPT activities with CERT-In empanelled auditors
- Track remediation progress and ensure revalidation.
- Asset Management & Documentation
- IT Inventory Ownership
- Maintain a detailed asset register for all hardware, software, and cloud resources
- Track asset lifecycle from purchase to disposal
- Validate annual inventories and reconcile with physical assets
- Software Compliance
- Maintain SBOMs for critical systems (as mandated in policy)
- Ensure only licensed and approved software is installed
- Prevent unauthorized devices or applications
- Data Protection, Backup & DR
- Implement daily/weekly backups for critical data and server images
- Manage off-site/cloud backup storage
- Test restore procedures periodically to meet RPO/RTO targets
- Ensure encryption at rest and in transit for all sensitive data
- Vendor & Third-Party Management
- Ensure all IT vendors adhere to cybersecurity requirements
- Manage NDAs, MSAs, SLAs, and third-party audit documentation
- Validate controls from co-working space providers (network segregation, CCTV access, etc.)
- Perform quarterly vendor security reviews
- Support & Employee Training
- Provide L1/L2 support for IT issues, outages, and hardware failures
- Conduct employee cybersecurity awareness training (phishing, data handling, passwords)
Ensure HODs and teams are aligned with acceptable use policy.
Requirements
Technical Skills
- Strong knowledge of Windows/macOS administration
- Office 365/Google Workspace administration
- Endpoint security tools (AV/EDR)
- VLAN, firewalls, VPNs, WiFi protocols, network segmentation
- Backup/disaster recovery systems
- Hands-on patching, asset management, logging, MFA
- Experience with VAPT coordination & vulnerability remediation
- Familiarity with SEBI cybersecurity requirements (preferred)
Experience
- 4-8 years in IT administration or IT infrastructure roles
- Multi-location IT operations experience
- Experience working in regulated industries (preferred)
Behavioral Competencies
- High ownership and accountability
- Strong documentation discipline
- Ability to work independently across distributed teams
- Proactive problem-solving and risk identification
- Confidentiality and ethics benchmark
